Release: Prerelease 10.3.0-alpha.14 #33981
Merged
…ad of disabling it.
…ing its visibility.
…ns, use column layout on small screens for WCAG 2.1 Reflow
- Updated `dev-server.ts` to expose local and network addresses for QR code link sharing.
- Refactored `get-server-channel.ts` to accept options and validate WebSocket origins.
- Removed the deprecated `validate-websocket-token.ts` and integrated its functionality into `validate-websocket.ts`.
- Enhanced tests in `server-channel.test.ts` and added new tests in `validate-websocket.test.ts` to cover origin and token validation scenarios.

This change enhances security and usability for WebSocket connections.
Clarified security patching policy for supported versions and updated example version.
Clarified the policy on backporting security fixes and specified supported versions based on CVSS scores.
Co-authored-by: valentinpalkovic <5889929+valentinpalkovic@users.noreply.github.com>
…add tests for TagsOptions
…subpath

When Storybook is hosted at a subpath without a trailing slash (e.g. `/design-system`), the previous regex `/\/[^/]*$/` would strip the entire last path segment and replace it with `/`, losing the subpath prefix and producing `/iframe.html` instead of `/design-system/iframe.html`.

Fix: only strip the last segment if it looks like an HTML file (ends in `.html`), then ensure a trailing slash before appending `iframe.html`. This correctly handles all cases:
- `/` → `/iframe.html`
- `/index.html` → `/iframe.html`
- `/design-system` → `/design-system/iframe.html`
- `/design-system/` → `/design-system/iframe.html`
- `/design-system/index.html` → `/design-system/iframe.html`

Fixes #33848
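The behaviour described in the commit message above, as an added example that is not Storybook's own code: `oldIframePath`, `fixedIframePath`, `compare` and `regressions` are hypothetical names, the old expression is assumed to be a plain `replace` with the quoted regex, and the `.html` regex is one way to implement the described fix.

```javascript
// Added illustration; function names are hypothetical, not Storybook's own.

// Previous behaviour as described: always drop the last path segment.
function oldIframePath(pathname) {
  return pathname.replace(/\/[^/]*$/, '/') + 'iframe.html';
}

// Described fix: drop the last segment only when it looks like an HTML file,
// then make sure the base ends in a slash before appending iframe.html.
function fixedIframePath(pathname) {
  let base = pathname.replace(/\/[^/]*\.html$/, '/');
  if (!base.endsWith('/')) {
    base += '/';
  }
  return base + 'iframe.html';
}

// The five cases listed in the commit message: [input, expected result].
const CASES = [
  ['/', '/iframe.html'],
  ['/index.html', '/iframe.html'],
  ['/design-system', '/design-system/iframe.html'],
  ['/design-system/', '/design-system/iframe.html'],
  ['/design-system/index.html', '/design-system/iframe.html'],
];

// Run both versions over every case so the difference is visible side by side.
function compare() {
  return CASES.map(([input, expected]) => ({
    input,
    expected,
    old: oldIframePath(input),
    fixed: fixedIframePath(input),
  }));
}

// Inputs for which a given version misses the expected path.
function regressions(fn) {
  return CASES.filter(([input, expected]) => fn(input) !== expected)
    .map(([input]) => input);
}

console.table(compare());
```
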
…cess by default (for now)
…e validation logic to default to allowing all hosts when host is set to '0.0.0.0' and inherit Storybook's allowedHosts configuration in Vite config.
Co-authored-by: Kyle Gach <kyle.gach@gmail.com>
Co-authored-by: valentinpalkovic <5889929+valentinpalkovic@users.noreply.github.com>
… it for the zoom reset button.
…dation logic
- Updated package.json to include host-validation-middleware@^0.1.2.
- Integrated host-validation-middleware in dev-server for improved host validation.
- Refactored WebSocket validation logic to utilize host-validation-middleware for origin and token checks.
- Adjusted tests to reflect changes in validation logic and ensure proper functionality.

- Removed the deprecated host-validation-middleware import from dev-server.
- Updated get-server-channel to use isValidHost for origin validation.
- Added isValidHost function to getHostValidationMiddleware for improved host validation.
- Introduced validate-token utility for secure token validation.
- Removed obsolete validate-websocket utility and its associated tests.
- Updated tests for getHostValidationMiddleware to reflect new validation logic and added tests for isValidToken.
Co-authored-by: jonniebigodes <joaocontadesenvolvimento@gmail.com>
…on-when-value-is-initial Core: Zoom tool refinements - Hide reset button when value is initial
Co-authored-by: valentinpalkovic <5889929+valentinpalkovic@users.noreply.github.com>
…ser-warning
CSF-Factories: Fix ConfigFile parser false warning on `definePreview({...}).type<T>()` export default
…ntents-documentation Docs: Add TableOfContents API reference page
Core: Update TagOptions to allow undefined defaultFilterSelection and add tests for TagsOptions
Core: Add host/origin validation to requests and websocket connections
UI: Allow direct kb/mouse actions on zoom tool button
…adjustments Build: Fix copilot instructions
This is an automated pull request that bumps the version from 10.3.0-alpha.13 to 10.3.0-alpha.14. Once this pull request is merged, it will trigger a new release of version 10.3.0-alpha.14. If you're not a core maintainer with permissions to release you can ignore this pull request.
To do
Before merging the PR, there are a few QA steps to go through:
And for each change below:
This is a list of all the PRs merged and commits pushed directly to `next`, that will be part of this release:
- `definePreview({...}).type<T>()` export default #33885 (will also be patched)

If you've made any changes doing the above QA (change PR titles, revert PRs), manually trigger a re-generation of this PR with this workflow and wait for it to finish. It will wipe your progress in this to do, which is expected.
Feel free to manually commit any changes necessary to this branch after you've done the last re-generation, following the Make Manual Changes section in the docs, especially if you're making changes to the changelog.
When everything above is done:
Generated changelog
10.3.0-alpha.14
`definePreview({...}).type<T>()` export default - #33885, thanks copilot-swe-agent!